Notes on SIP Session 2 at IETF 62

Reported by Amy Pendleton




SIP Interaction Framework
Jonathan Rosenberg
draft-ietf-sipping-app-interaction-framework-04.txt

- issue: unifying dialog id mech between app-interaction and other specs (e.g. cc-transfer)
- Rohan (RM) posted proposal to use Target-Dialog header in dialog usage draft
- Jonathan Rosenberg (JR) posted draft on problem: keep target-dialog as standalone ID, norm ref from cc-transfer
- Alan J. - update target dialog with option tag
* ACTION: chairs to coord with area director to add to charter
       


Management of Outbound Connections
Cullen Jennings
draft-jennings-sipping-outbound-01.txt

- open issues: does not work for 3rd party registrations.
- suggest using OPTION tag to detect if registrar supports flow-id
- RM: not sure need OPTION tag, what would UA do? not adding value..
- JR: suggest use REQUIRE tag? biggest problem in all impl -- everyone doing something different, need to solve this!
- Alan H: options tag elim incorrect binding in registrar
* RESOLVE: Cullen Jennings (CJ) will update draft


Using Certificates with SIP
Cullen Jennings
draft-ietf-sipping-certs-01.txt

- Jon Peterson (JP): make sure to clarify subscription duration
- CJ: should not cache beyond validity time

- Francois Audet (FA): doesn't deal well with retargeting (or forking that looks like retargeting)
- CJ: thinks it does deal with it well
- FA: may not want same cert for all users with retarget
- CJ: sending user can choose who to use cert
- JP: like RFC3261; use S/MIME...
- CJ: FA's problem is separate
- FA: need to clarify scope
- res: change name to reflect credential mgmt service, not cert mgmt serv
- if you know cred you want, this will work

- JR: what happens if you send SUB to GRUU? 
- JP: addressed by identity draft



End-to-middle security
Kumiko Ono
draft-ono-sipping-end2middle-security-04.txt

- open issue: how should error msg indicate content-type which needs sign to be att for data integ.
- resolution: for data integ, sign for body part alone not sufficient; always need sign for whole body; but should sign be in, out, or both when encrypted?
- JP: 3261 went back and forth, but doesn't make diff -- if anything, sign should be inside
- CJ: prob stronger to put sign inside
- ? : gen safer to put inside, but there are reasons to put outside
- res: INSIDE

- open issue: how proxy tell a UA to disclose body while protect data integ?
- options: new error response, existing resp with warning header, or existing resp instruct UA one task at a time
- CJ: adding semantics to headers that weren't there
- J.Polk: could use content-id...
- KO: how to do NOTIFY?
- JP: depends on whether you want to view whole body or body part; cid works if body part only
- DW: could cid point to part of body part?
- JP: does proxy know which one it wants? when whole body, can't see what cid's are included, going to just have to ask for whole body or use types (UA sends if exists in body)
- DW: could use cid, cont type, or whole body, depending on scenario
- RESOLVE: mailing list??
- draft adopted



Extension Negotiation
Volker Hilt
draft-hilt-sip-ext-neg-00.txt

- announcing ext creates overhead; only announced in certain cases (slides)
- proposal: add parameter to accept header
- Paul K: agg existing problem of not knowing accept header, which msg to put in?
- DW: when does it make sense to include?
- PK: endpoints must have state model to remember when to use, what is period of time?
- JR: simplest and best interop by putting full list of things supported
- DW: RFC3261 is scoped to contain dialog
- DW: need guidelines for when to send accept?
- AR: no way to determine ext not supported; only know what IS supported
- is there a use case for ext?
- RESOLVE: need to discuss use cases


JP's extra presentation: retargeting

- RM: sometimes unanticipated respondent is good.
- RM: blacklist issue: call car dealer, but don't want them to call me back
- CJ: terminology problem with "unanticipated"
- JR: connected party id is useless from security perspective but useful for unanti problem -- user can hang up
- JP: need some determinism
- Keith: two prob's: connected party and security
- CJ and JP: must trust proxy assoc with domain -- internet security model
- JP suggests an info draft that captures problems
- JR: suggests 3 drafts: one is JP's solution, second is narrow scope to only connected party, third is doc update to SIP behavior for prob resolution